Can default P2P settings break the law? US says yes

The Federal Trade Commission has decided that certain default software settings can violate the law against “unfair or deceptive acts or practices in or affecting commerce.” The agency recently went after the peer-to-peer filesharing program FrostWire for sharing too many user files by default, something that could easily lead to identity theft, copyright infringement, and the loss of “intimate photographs.” That's right: the federal government now goes to court to protect the privacy of your nude smartphone pics.

FrostWire settled the charges today and agreed to numerous changes to its default settings. It will also push a patch to change settings for current users.

FrostWire is file-sharing software created from a fork of the open-source LimeWire code. With LimeWire now shuttered by court order, FrostWire has proven popular, but the FTC argues that both its mobile and desktop versions deceive users and share far too much information. With FrostWire for Android smartphones, the default installation automatically shares pictures, video, documents, and music files on the device—including existing, user-generated photos from the built-in camera or user documents copied from a desktop computer running Frostwire Desktop.

Once shared, the mobile app made it difficult to un-share categories of files. The FTC complaint provides an example:

A consumer with 200 photos on her mobile device who installed the application with the intent of sharing only 10 of those photos first had to designate all 200 photos in the “Picture” category as shared, and then affirmatively unshare each of the 190 photos that she wished to keep private. She also needed to remember, when next running the application, to unshare the category or individually unshare any new photos she might have taken in the meantime in order to keep the new photos private. Nothing in the FrostWire for Android installation and setup process, or the application's user interface, adequately informed consumers that the application operated in this manner.

The agency charged that this approach could lead to the loss of voice recordings made on the phone or “intimate photographs” taken with the phone. It might also lead people to unintentionally share copyrighted material, or lose personal documents that could increase the risk of identity theft.

FrostWire's desktopAndroid integration

But was this level of default sharing actually illegal? The FTC argues that the process was so confusing and opaque to most users that they would "unwittingly" share information, and that there were no "countervailing benefits to consumers or competition" from this sharing.

It also claimed that the defaults ran "counter to standard software development guidance, and counter to established practices in the development of file-sharing applications.” As for the FrostWire desktop program, the agency pointed to numerous confusing situations in which downloaded files were automatically shared over the network, even when saved to a folder that itself was not shared.

FrostWire manager Angel Leon has agreed to make changes to his programs. Defaults will be altered, sharing will be explained more clearly, and updates will be pushed out to existing users. With the Android app, for instance, Leon is required to update the code so that it "designates all previously shared files on those computers not to be shared by the application unless consumers using those computers affirmatively select them to be shared."

Update: Leon tells Ars that the issues have been been fixed in all recent versions of FrostWire. "We're software developers of a free app and we saw the complaints from the FTC as bugs that needed to be fixed," he said by e-mail. "In a few days we had already made both of our softwares (Desktop and Android) fully compliant with the FTC proposal." Current FrostWire downloads make more clear what's being shared, and the FrostWire team has also transitioned away from the spam-plagued Gnutella network to BitTorrent.

Stupid, incomplete instructions for a free software program - I am shocked.

So the government is now trying to force user guidelines for software devs. What ever happened to RTFM?

Edit - This isn't the only bit torrent software out there. If a person decides that they don't like it or the way it works. Uninstall it and try another one.

Once shared, the mobile app made it difficult to un-share categories of files. The FTC complaint provides an example:

A consumer with 200 photos on her mobile device who installed the application with the intent of sharing only 10 of those photos first had to designate all 200 photos in the “Picture” category as shared, and then affirmatively unshare each of the 190 photos that she wished to keep private. She also needed to remember, when next running the application, to unshare the category or individually unshare any new photos she might have taken in the meantime in order to keep the new photos private. Nothing in the FrostWire for Android installation and setup process, or the application's user interface, adequately informed consumers that the application operated in this manner.

Sounds more than deliberately counterintuitive if true. Don't know as I don't use this program, and never will.

Stupid, incomplete instructions for a free software program - I am shocked.

So the government is now trying to force user guidelines for software devs. What ever happened to RTFM?

Edit - This isn't the only bit torrent software out there. If a person decides that they don't like it or the way it works. Uninstall it and try another one.

It's deceptive software. Shouldn’t we want the government to make sure citizens aren't being taken advantage of? Who’s being hurt here?

I mean, you can still download the software and use it however you'd like. They're just adjusting the settings so that you don't share things you never intended to when you were never asked to begin with.

Once shared, the mobile app made it difficult to un-share categories of files. The FTC complaint provides an example:

A consumer with 200 photos on her mobile device who installed the application with the intent of sharing only 10 of those photos first had to designate all 200 photos in the “Picture” category as shared, and then affirmatively unshare each of the 190 photos that she wished to keep private. She also needed to remember, when next running the application, to unshare the category or individually unshare any new photos she might have taken in the meantime in order to keep the new photos private. Nothing in the FrostWire for Android installation and setup process, or the application's user interface, adequately informed consumers that the application operated in this manner.

Sounds more than deliberately counterintuitive if true. Don't know as I don't use this program, and never will.

Looking at Frostwire's FAQ page, their sharing example shows sharing based on directories and sub-directories. Of course, there's sub-options for other file types.

I'm not going to download the program to be sure but I suppose it asks the user what file types they want to share. And if they checked "Sure, share all my mp3s and jpg" there might be a problem un-sharing things in the future.. but this behavior is nothing new, Napster did the very same thing 10 years ago.

It's deceptive software. Shouldn’t we want the government to make sure citizens aren't being taken advantage of? Who’s being hurt here?

I mean, you can still download the software and use it however you'd like. They're just adjusting the settings so that you don't share things you never intended to when you were never asked to begin with.

Sadly, it's just like every other P2P application out there. Most of us are adept enough not to share every thing on our computer when we set the application up.

I have been using Frostwire for a long time now have have installed it multiple times. It was not until recently that this default behavior could not be easily changed from within the Welcome/Setting Dialog .

IN OTHER WORDS, THIS IS NEW SINCE VERSION 5!

It use to be easy to specify that you did NOT want to share *newly downloaded* files and that you only wanted to share certain folders. Although, it was always odd to me that the default settings were in fact set to share anything you downloaded automatically.

I guess once they took the option to opt-out, out of the Welcome/Settings Dialog, it was the last straw... Nice timing though.

It's funny that Facebook shares too much information and they get the lynch mob. Frostwire does it and it's okay and how dare government attempt to stop them from sharing personal information by default.

Maybe this will lead to the FTC going after app (mobile, desktop, web, etc.) developers that demand you relinquish your data down to your DNA sequence in order to use their apps. Or at least the people who demand you forfeit rights already guaranteed to you by law, especially the ones that demand you sign a contract saying your only legal avenue to dispute grievances, no matter how how server, is to take them to arbitration where they get to pick the arbitrator.

It's funny that Facebook shares too much information and they get the lynch mob. Frostwire does it and it's okay and how dare government attempt to stop them from sharing personal information by default.

Did the government go after Facebook then?

Anyway, the government starting to go after software settings, and starting with p2p apps, is a butter-slippery slope. Though this one case seems legitimate.

I'm gonna have to side with the FTC on this one. Default settings for software like Frostwire should default to a more secure state. Heck, ask during install if they want to open it up, just make sure the default answer is "no". Seems perfectly reasonable to me.

They go after Frostwire for being deceptive in not making it clear that all files of a certain type will be shared, but yet they still allow ISPs to advertise speeds that are often double or triple what the user will actually be able to get...

heinsj wrote:

Sadly, it's just like every other P2P application out there. Most of us are adept enough not to share every thing on our computer when we set the application up.

Not every P2P program is like this. By default, eMule only shares the contents of the "Incoming" directory. Users can add other directories to be shared, but since Incoming doesn't exist prior to the installation of the program, a new installation of eMule shares nothing until the user adds files to that directory, or manually adds other directories.